Re: [TLS] Another IRINA bug in TLS

Santiago Zanella-Beguelin <santiago@microsoft.com> Thu, 21 May 2015 14:36 UTC

From: Santiago Zanella-Beguelin <santiago@microsoft.com>
To: Aaron Zauner <azet@azet.org>
Date: Thu, 21 May 2015 14:36:08 +0000
Message-ID: <1432218967414.742@microsoft.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/5F6hr75G8vC3nBDqW-5PDRG8_qc>
Cc: Florian Weimer <fweimer@redhat.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Another IRINA bug in TLS
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

> I'm not sure these are all due to people using openssl(1) with the
> "-dsaparam" option, that's a huge number. 

I'm sure they are not all using OpenSSL. 
Other popular groups with a non-safe prime come from RFC 5114 (http://tools.ietf.org/html/rfc5114#section-2).

> My question was actually if people are aware that implementations
> produce these primes per default.

Java does: http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/4fcbddfd97f0/src/share/classes/sun/security/provider/ParameterCache.java

Cheers,
--Santiago

________________________________________
From: Aaron Zauner <azet@azet.org>
Sent: Thursday, May 21, 2015 2:56 PM
To: Santiago Zanella-Beguelin
Cc: Nikos Mavrogiannopoulos; Florian Weimer; tls@ietf.org
Subject: Re: [TLS] Another IRINA bug in TLS

Santiago Zanella-Beguelin wrote:
> Non-safe primes can be generated using OpenSSL dhparam with the -dsaparam flag, e.g. openssl dhparam -dsaparam 2048
>
> They are still very common. In a recent full IPv4 scan on port 443, we found 1.7M hosts using non-safe primes against 8.42M using safe primes.
>
> By far, the most common non-safe prime appears to come from hosts using Amazon EC2; around 321K hosts authenticating with browser-trusted certificates use it.
>

I'm not sure these are all due to people using openssl(1) with the
"-dsaparam" option, that's a huge number. My question was actually if
people are aware that implementations produce these primes per default.

Aaron